Bug #71975 inserting parameter multiple times in statement
Submitted: 7 Mar 2014 21:32 Modified: 7 May 2014 14:43
Reporter: Jas Per Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / Python Severity:S3 (Non-critical)
Version:1.16 OS:Any (Python3)
Assigned to: CPU Architecture:Any

[7 Mar 2014 21:32] Jas Per
Description:
When preparing a statement the connector replaces a parameter only once (I assume to speedup processing). The Python2 connector does not use string replace but the old string formatting and allows multiple replacements with the same parameter.

How to repeat:
see here: https://groups.google.com/forum/#!topic/sqlalchemy/jbdnEMNYZ30

Suggested fix:
change mysql/connector/cursor.py line 498ff:

if isinstance(params, dict):
  for key, value in self._process_params_dict(params).items():
  stmt = stmt.replace(key, value, 1)

to:

if isinstance(params, dict):
  for key, value in self._process_params_dict(params).items():
  stmt = stmt.replace(key, value)
[7 May 2014 14:43] Paul DuBois
Noted in 1.2.2 changelog.

For Python 3, when parameters were passed as a dictionary to the
MySQLCursor methods execute() and executemany(), only first
occurrence of each element in the query was replaced by the parameter
value.